Newest Intel Side-Channel Attack Sniffs Out Sensitive Data


Intel processors are vulnerable to a new side-channel attack, which researchers said can allow attackers to steal sensitive information such as encryption keys or passwords.

Unlike previous side-channel attacks, this attack does not rely on sharing memory, cache sets and other former tactics. Instead, it leverages contention on the CPU ring interconnect. This component facilitates communication across various CPU units – including cores, the last-level cache, system agent, and graphics unit – on modern Intel processors, such as the Skylake and Coffee Lake CPUs.

Riccardo Paccagnella, one of the researchers with the University of Illinois at Urbana-Champaign who discovered the attack, told Threatpost that the side-channel attack could give attackers the means to infer “key bits” from both vulnerable cryptographic implementations and the precise timing of keystrokes typed by a victim user.

“The attacker needs to be able to already run unprivileged code on the machine under attack,” Paccagnella told Threatpost. “This may be possible by either fooling the user into downloading some code (e.g. a malicious app/malware) and run it, stealing the credentials of an unprivileged user of the same machine (and then, e.g., SSH-ing into it), or exploiting remote code execution vulnerabilities.”

In their research paper (PDF), “Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical,” the researchers said the attack is unique because it works in spite of some previous side-channel defenses.

“In this paper, we present the first on-chip, cross-core side channel attack that works despite [previous] countermeasures,” said the team of University of Illinois at Urbana-Champaign researchers in their paper, which will be presented at USENIX Security 2021.